package com.itheima.dianming.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true)
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public AuthenticationSuccessHandler getAuthenticationSuccessHandler(){
        return new MyAuthenticationSuccessHandler();
    }

    @Bean
    public AuthenticationFailureHandler getAuthenctiationFailureHandler(){
        return new MyAuthenctiationFailureHandler();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests() // 配置http请求的访问权限控制
        //.anyRequest().permitAll() //允许所有访问【未登录页可以】
        .antMatchers("/css/**").permitAll() //放行登录
        .antMatchers("/element-ui/**").permitAll() //放行登录
        .antMatchers("/fonts/**").permitAll() //放行
        .antMatchers("/image/**").permitAll() //放行
        .antMatchers("/js/**").permitAll() //放行
        .antMatchers("/login.html").permitAll() //放行
        .antMatchers("/user/count").permitAll()
        .anyRequest().authenticated() //任何请求，只要登录即可访问
        .and()
        .formLogin()
        .loginPage("/login.html") //指定登录页
        .loginProcessingUrl("/login") //指定登录请求提交的地址
        .successHandler(getAuthenticationSuccessHandler())
                .failureHandler(getAuthenctiationFailureHandler())
        .usernameParameter("username")
        .passwordParameter("password")
        .and()
        .exceptionHandling().accessDeniedPage("/403.html")
        .and()
        .logout()
        .logoutUrl("/logout") //指定退出登录请求的url地址
        .logoutSuccessUrl("/login.html") //指定登录成功后，跳转的页面
        .invalidateHttpSession(true)
        .and()
        .headers().frameOptions().disable() // iframe 嵌套页
        .and()
        .sessionManagement()
        .maximumSessions(1)
        .maxSessionsPreventsLogin(false)
        .expiredUrl("/login.html"); // 以上配置实现的效果：挤出登录的效果！！

        http.csrf().disable();//如果需要自定义登录页，这个必须关闭！！
    }

    @Bean
    public UserDetailsService userDetailsService(){
        return new SpringSecurityUserService();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                // 指定UserDetailsService的实现类，目的就是加载用户名和密码
                .userDetailsService(userDetailsService())
                // 指定加密算法
                .passwordEncoder(new BCryptPasswordEncoder());
    }

    public static void main(String[] args) {

        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();

        String encode = bCryptPasswordEncoder.encode("1234565");
        System.out.println(encode);

    }
}
